BorlandTalk.com
Borland discussion newsgroups

How to decode an account password?

 
BorlandTalk.com Forum Index -> Delphi Internet Winsock
Marcio Ehrlich
Guest
Posted: Sun Nov 23, 2003 7:55 pm    Post subject: How to decode an account password?



I wrote an SMTP client within my application so the user can easily send
reports by e-mail.
It was simple to read the Windows Registry and get the Default Mail Account
and its corresponding information, but I've been forcing the user to always
retype the account password since I don't know how to retrieve the value
stored at the 'SMTP Password2' key.
Obviously this is not user-friendly at all.
How can I read the Registry to know if the server needs authentication so I
can properly set SMTP.AuthenticationType, and how can I decode the password
to a string I can assign to SMTP.Password?
Thanks,
Marcio


Marcio Ehrlich
Guest
Posted: Mon Nov 24, 2003 11:01 pm    Post subject: Re: How to decrypt an account password?



"Marcio Ehrlich" <nouser (AT) nouser (DOT) com> wrote:
Quote:
How can I read the Registry to know if the server needs authentication so I
can properly set SMTP.AuthenticationType, and how can I decode the password
to a string I can assign to SMTP.Password?

Gambit,
More than 24 hours with no answer, I wonder: is this not the proper forum,
is there no solution to my problem, or what else?
Would you mind giving me some advice?
Thanks,
Marcio



Remy Lebeau (TeamB)
Guest
Posted: Mon Nov 24, 2003 11:27 pm    Post subject: Re: How to decrypt an account password?




"Marcio Ehrlich" <nouser (AT) nouser (DOT) com> wrote


Quote:
More than 24 hours with no answer, I wonder: is this not the
proper forum, is there no solution to my problem, or what else?
Would you mind giving me some advice?

I do not advise you to try to crack the user's password from the Registry.
That would be a breach of security if you could do that. It is encrypted
for a reason. For your own program, just ask the user the first time what
the password is, and then store it somewhere for later use so you don't have
to ask over and over. If they change the password, you'll just have to ask
for it again. Every email program I have ever seen that supports SMTP
authentication has an option to configure the program to tell it what server
to connect to and what login info it requires. You should not be trying to
read some other program's configuration. First off, it is not guaranteed to
even be there in the first place if the user is not using that other program
to begin with. And second, there is no guarantee that the other program's
configuration will be consistent from one version to another. It is better
if you just have your own separate configuration that has absolutely nothing
to do with any other email programs at all.


Gambit



Marcio Ehrlich
Guest
Posted: Mon Nov 24, 2003 11:44 pm    Post subject: Re: How to decrypt an account password?

"Remy Lebeau (TeamB)" <gambit47.no.spam (AT) no (DOT) spam.yahoo.com> wrote:

Quote:
For your own program, just ask the user the first time what
the password is, and then store it somewhere for later use so you don't have
to ask over and over.

Good idea!
Thank you.
Marcio



Daniel Bragg
Guest
Posted: Tue Nov 25, 2003 3:51 pm    Post subject: Re: How to decrypt an account password?


"Marcio Ehrlich" <nouser (AT) nouser (DOT) com> wrote

Quote:
"Remy Lebeau (TeamB)" <gambit47.no.spam (AT) no (DOT) spam.yahoo.com> wrote:

For your own program, just ask the user the first time what
the password is, and then store it somewhere for later use so you don't have
to ask over and over.

Good idea!
Thank you.
Marcio

An additional word to the wise - if you ask the user for the P/W and store
it, please encrypt it (using something reasonable, like TripleAES or
Blowfish). If you don't, and it is found out that you store unencrypted,
then people could use your software to compromise users' accounts...

Daniel



Simon Devlin
Guest
Posted: Tue Nov 25, 2003 10:11 pm    Post subject: Re: How to decrypt an account password?

Both are excellent choices (as long as reasonable care is taken), and easy
now that the TurboPower encryption components are open-sourced on
http://sourceforge.net/projects/tplockbox

Regards

"Daniel Bragg" <NoSpam (AT) CCDSystems (DOT) com> wrote

Quote:
An additional word to the wise - if you ask the user for the P/W and store
it, please encrypt it (using something reasonable, like TripleAES or
Blowfish). If you don't, and it is found out that you store unencrypted,
then people could use your software to compromise users' accounts...

Daniel





Marcio Ehrlich
Guest
Posted: Wed Nov 26, 2003 2:30 am    Post subject: Re: How to decrypt an account password?

"Simon Devlin" <simon.devlin> wrote:
Quote:
now that the TurboPower encryption components are open-sourced on
http://sourceforge.net/projects/tplockbox

Simon,
Although I understand password encryption is necessary, I have never dealt
with it and I was quite frightened by that documentation: 197 pages! Is it
really mandatory to install all those components and read all those pages
just to encrypt/decrypt internet account passwords?
Or is there anything simpler somewhere?
Thanks,
Marcio



Remy Lebeau (TeamB)
Guest
Posted: Wed Nov 26, 2003 3:23 am    Post subject: Re: How to decrypt an account password?


"Marcio Ehrlich" <nouser (AT) nouser (DOT) com> wrote


Quote:
Although I understand password encryption is necessary, I have never
dealt with it and I was quite frightened by that documentation: 197
pages!
Is it really mandatory to install all those components and read all those
pages just to encrypt/decrypt internet account passwords?

Of course not. Just pick *1* encryption algorithm that suits your needs,
and then use it. There are many third-party components and libraries
available that focus on specific algorithms. Have a look at the Encryption
section of http://www.torry.net for individual components, for example. The
LockBox toolkit that you are currently looking at is a suite of many
different components, it is not a single algorithm.


Gambit



Ben Hochstrasser
Guest
Posted: Wed Nov 26, 2003 7:44 am    Post subject: Re: How to decrypt an account password?


"Marcio Ehrlich" <nouser (AT) nouser (DOT) com> wrote:

Quote:
Or is there anything simpler somewhere?

I modelled some simple procedure around Dave Barton's RC4
implementation (http://www.delphi32.com/vcl/3285/).
While there are stronger algorithms around, it should be adequate to protect passwords in registries and such.

--
Ben
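
The advice in this thread (keep your own configuration, and store the password encrypted) as an added example that is not code from any poster: the application saves the password it asked the user for under its own registry key. It uses the Windows Data Protection API (CryptProtectData / CryptUnprotectData) rather than the algorithms named in the thread, so no encryption key has to be compiled into the program or stored beside the ciphertext. The key path, value name and sample password are hypothetical, and the caller is assumed to pass the password as UTF-8 bytes.

```delphi
program SmtpSecretDemo;   // added example, not code from the thread
{$APPTYPE CONSOLE}
uses Windows, SysUtils, Registry;
const
  CRYPTPROTECT_UI_FORBIDDEN = $1;
  AppKey = 'Software\ExampleReportApp\Smtp';   // hypothetical key under HKEY_CURRENT_USER
  BlobName = 'PasswordBlob';                   // hypothetical value name
type TDataBlob = record cbData: DWORD; pbData: PByte; end;
function CryptProtectData(var DataIn: TDataBlob; Descr: PWideChar; Entropy, Reserved, Prompt: Pointer; Flags: DWORD; var DataOut: TDataBlob): BOOL; stdcall; external 'crypt32.dll';
function CryptUnprotectData(var DataIn: TDataBlob; Descr, Entropy, Reserved, Prompt: Pointer; Flags: DWORD; var DataOut: TDataBlob): BOOL; stdcall; external 'crypt32.dll';

// One DPAPI call (Protect=True encrypts); copies the result out of the LocalAlloc'ed buffer.
function Dpapi(Protect: Boolean; const Data: AnsiString): AnsiString;
var InBlob, OutBlob: TDataBlob; Ok: BOOL;
begin
  InBlob.cbData := Length(Data);
  InBlob.pbData := PByte(PAnsiChar(Data));
  if Protect then
    Ok := CryptProtectData(InBlob, 'SMTP password', nil, nil, nil, CRYPTPROTECT_UI_FORBIDDEN, OutBlob)
  else
    Ok := CryptUnprotectData(InBlob, nil, nil, nil, nil, CRYPTPROTECT_UI_FORBIDDEN, OutBlob);
  if not Ok then RaiseLastOSError;   // e.g. blob altered or written by another account
  SetString(Result, PAnsiChar(OutBlob.pbData), OutBlob.cbData);
  LocalFree(HLOCAL(OutBlob.pbData));
end;

procedure SavePassword(const Utf8Password: AnsiString);
var Blob: AnsiString; Reg: TRegistry;
begin
  Blob := Dpapi(True, Utf8Password);
  Reg := TRegistry.Create;           // RootKey defaults to HKEY_CURRENT_USER
  try
    if not Reg.OpenKey(AppKey, True) then raise Exception.Create('cannot open ' + AppKey);
    Reg.WriteBinaryData(BlobName, PAnsiChar(Blob)^, Length(Blob));
  finally Reg.Free; end;
end;
function LoadPassword: AnsiString;
var Blob: AnsiString; Reg: TRegistry;
begin
  Reg := TRegistry.Create;
  try
    if not (Reg.OpenKeyReadOnly(AppKey) and Reg.ValueExists(BlobName)) then raise Exception.Create('no stored password: ask the user');
    SetLength(Blob, Reg.GetDataSize(BlobName));
    Reg.ReadBinaryData(BlobName, PAnsiChar(Blob)^, Length(Blob));
  finally Reg.Free; end;
  Result := Dpapi(False, Blob);      // plaintext exists only in memory, never in the registry
end;
begin
  SavePassword('constructed-sample-password');   // constructed sample value
  Writeln('round trip ok: ', LoadPassword = 'constructed-sample-password');
end.
```

The stored blob decrypts only under the Windows account that created it, so any exception from LoadPassword should lead back to prompting the user for the password again.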
